| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ae5eee33-9dfc-0609-1bf8-33fd773b9bd5@hanno.de>
Date: Mon, 17 Feb 2020 16:24:41 +0100
From: Hanno Zulla <abos@...no.de>
To: Jiri Kosina <jikos@...nel.org>,
Benjamin Tissoires <benjamin.tissoires@...hat.com>,
linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/3] HID: hid-bigbenff: fixing three crash bugs in a gamepad
driver
Hi there,
the hid-bigbenff.c had three bugs causing possible kernel crashes.
The first patch fixes a double free during device removal, which was
caused by a wrong use of input_ff_create_memless(). The
"driver-specific data to be passed into play_effect" parameter of
input_ff_create_memless() would later be freed automatically when the ff
device is removed. Since the driver also uses the managed resource API,
it would automatically free the memory of this parameter twice, causing
a general protection fault moments later.
The second patch fixes the error path after hid_hw_start(), as a call
to hid_hw_stop() is required in case of an error.
The second patch also removes the hid_hw_close() call during device
removal, as several other hid device drivers don't call this routine,
either.
The third patch adds a flag to avoid a race condition when there is
still scheduled work left (or newly being scheduled) during or after
device removal, which could cause a kernel crash.
Thanks in advance for your review & kind regards,
Hanno
Powered by blists - more mailing lists